[Zope-dev] fixing security problems HOW?

Robin Becker robin@jessikat.fsnet.co.uk
Wed, 29 Nov 2000 02:26:15 +0000


In article <XRM0TXAiCFJ6EwLk@jessikat.fsnet.co.uk>, Robin Becker
<robin@jessikat.fsnet.co.uk> writes
....
>>Apparently, your "live" is a Z instance.
>>It is quite easy to forget the ZClass permission mapping
>>(or get it wrong). This may lead to strange permission
>>problems.
>Which ZClass permission mapping? Anonymous seems to be able to 'view'.
>
>The 'Manager' role can log in and do stuff, but even when I change the
>permissions of Anonymous to be completely the same as for Manager I
>don't get the same behaviour; ie anonymous is being asked to log in?
>
>The problem I suppose is that /live/index_html is really a permission of
>/live and I guess the permissions determining access etc are really in /
>the object which cannot be traversed to :) 
well I upgraded my CVS version and everything started working again.
Mumble. If only I hadn't tried to get the new Python methods to work etc
etc dribble dribble.
-- 
Robin Becker